I patched the spnego module

Sven Ludwig nginx at abraumhal.de
Wed Feb 15 18:11:06 UTC 2012

On 02-15 09:59, Michael Shadle wrote:
> On Tue, Feb 14, 2012 at 11:45 PM, Sven Ludwig <nginx at abraumhal.de> wrote:
> > Hi,
> >
> > i only want to announce, that i patched the spnego module, so you can use it as
> > a 100% replacement to apache2+mod_auth_kerb.
> >
> > https://github.com/muhgatus/spnego-http-auth-nginx-module
> >
> > I installed in on 3 hosts running now for about 2 weeks without an error.
> > Perhaps somebody wants to test it too? :)
> Was this based off off of my work I funded?
> https://github.com/mike503/spnego-http-auth-nginx-module

yes, it is.

> From my understanding if Kerberos fails it's supposed to fall back to
> digest, but nginx did not support digest yet (only basic), someone
> once summarized it for me and it is in my notes somewhere.

i only added basic auth to it in order if the browser does not
support negotiation then it will fall back to basic-auth and checks the
given password against kerberos.

i do not know how the get the digest auth working. basic auth was simple. i
modified the code within a couple of hours.

> It would be great to have a working module for this, there was
> interest in it when I brought it up a couple years ago, but then
> nobody helped extend or test it :)

i started to replace apache installations by nginx. so, here is my test result:

it works ;)

> I would love to talk offline, maybe there is something you're doing
> vs. mine (I didn't code it, only sponsor it) but obviously I want the
> most mature and extensible module out there.

so, you might merge my changes back to your repository on github.

More information about the nginx mailing list